-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) ☒ Responsive to communication(s) filed on 17 February 2006.

2a) □ This action is FINAL. 2b) ☒ This action is non-final.

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) ☒ Claim(s) 1-14 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) □ Claim(s) is/are allowed.

6) ☒ Claim(s) 1-14 is/are rejected.

7) □ Claim(s) is/are objected to.

8) □ Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) □ The specification is objected to by the Examiner.

10) □ The drawing(s) filed on is/are: a) □ accepted or b) □ objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) □ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) □ All b) □ Some * c) □ None of:

1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. .

3. □ Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s) 

1) □ Notice of References Cited (PTO-892)

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) ☒ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) Paper No(s)/Mail Date 3/00 & two 3/03.

4) □ Interview Summary (PTO-413) Paper No(s)/Mail Date. .

5) □ Notice of Informal Patent Application (PTO-152)

6) □ Other: .

U.S. Patent and Trademark Office 

PTOL-326 (Rev. 7-05) Office Action Summary Part of Paper No./Mail Date 20060425 
DETAILED ACTION

1. This action is responsive to communication: filed on 17 February 2006 with
original application filed 04 December 2000, and acknowledgement of a foreign priority date of 
08 December 1999. 

2. Claims 1-14 are currently pending in this application. Claims 1, 3, 5, and 7 are 
independent claims. Claims 2-8, and 13 have been amended. 

Response to Arguments 

3. Applicant's arguments filed 17 November 2005 have been fully considered but 
they are not persuasive. 

In response to applicant's argument beginning on page 8, "Schuba does not 
anticipate claim 1 because Schuba does not teach the claimed steps of determining, 
discarding, and queuing, as claimed ... As shown below, a half-open connection is not 
the same as a queue of datagrams, contrary to any assumptions or assertions the 
examiner has made. Thus, Schuba does not teach "determining, in response to the 
arrival of a connectionless datagram from a host for a port on the network server". The
Office disagrees with this argument. Schuba does teach discarding and queuing as
claimed. In viewing the arguments and lengthy case history with this application, the
examiner finds applicant is trying to differentiate the meaning of a connection attempt by
using words such as connectionless or queuing the connectionless datagram. The
protection against flooding attack as claimed is shown in Schuba.

In response to applicant's argument beginning on page 9, "As shown below, a 
half-open connection is not the same as a queue of datagrams, Schuba describes the 
process of establishing a transmission protocol (TCP) connection in figure 1 of Schuba
...As stated above, Schuba defines a half-open connection as a state in which the SYN 
datagram from a destination host has been received at a source host ... In contrast, the 
invention of claim 1 limits the number of datagrams that are allowed to queue at a given 
port". The Office disagrees with this argument and notes that "half open-connections" are
interpreted to be equivalent to "queuing the connectionless datagram". 

In response to applicant's argument on page 10, "Similarly, Schuba does not
teach "determining, in response to the arrival of a connectionless datagram from a host 
for a port on the network server, if the number of connectionless datagrams already 
queued to the port from the host exceeds a prescribed threshold." Instead, Schuba 
counts the number of half-open connections at a port, which as described above, is 
entirely different than determining the number of connectionless datagrams already 
queued to a port". The Office disagrees with this argument and restates that
"half open-connections" are interpreted to be equivalent to "queuing the connectionless datagram".

In response to applicant's argument on page 11, "Similarly, Schuba does not 
teach "queuing the connectionless datagram to a queue slot of the port" and "In 
Summary, Schuba does not teach the features of claim 1 because Schuba does not 
teach anything regarding determining the number of connectionless datagrams queued 
at a port or discarding or queuing the number of connectionless datagrams at a port. 
Instead, Schuba teaches determining the number of half-open connection at a port". 
The Office disagrees with this argument and restates that "half open-connections" are
interpreted to be equivalent to "queuing the connectionless datagram". 

In response to applicant's arguments beginning on page 11, "The examiner
rejected claims 2, 4, 6, and 8-13 under 35 U.S.C. § 103(a) as obvious over Yavatkar ... 
the proposed combination does not teach all the features of the claims ..."configuring a 
maximum number of connectionless datagrams allowed to be queued at the port". The 
Office disagrees with this argument and restates that "half open-connections" are interpreted
to be equivalent to "queuing the connectionless datagram", which Schuba teaches; the
references should be looked at in combination for these claims.



Claim Rejections - 35 USC § 101 

4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claims 7 and 8 are rejected under 35 U.S.C. 101 because the claimed invention 
is directed to non-statutory subject matter. A carrier-wave is considered at this time 
non-statutory subject matter. 

Claim Rejections - 35 USC §102 
5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this
subsection of an application filed in the United States only if the international application designated the United
States and was published under Article 21(2) of such treaty in the English language

6. Claims 1, 3, 5, 7, and 14, are rejected under 35 U.S.C. 102(e) as being anticipated by 
Schuba et al. U.S. Patent No. 6,725,378 (hereinafter '378). 

As to independent claim 1, "A method of preventing a flooding attack on a network 
server" is taught in '378 col. 1, lines 55-60 "the present invention includes a unique defense for 
denial of service attacks"; 

"in which a large number of connectionless datagrams are received for queuing to a 
port on the network server, comprising:" is shown in '378 col. 3, lines 16-33 "The Internet 
Protocol (IP) is the standard network layer protocol of the Internet that provides a 
connectionless, best effort packet delivery service. IP defines the basic unit of the data transfer 
used throughout an IP network, called a datagram. The delivery of datagrams is not guaranteed . . .
Datagrams are routed towards their destination host" {"connectionless datagrams" same as 
"connectionless, best effort packet delivery service" / "network server" same as "destination 
host"}; 

"determining, in response to the arrival of a connectionless datagram from a host for
a port on the network server" is disclosed in '378 col. 4, lines 52-54 "When a SYN packet
arrives at a port on which a TCP server is listening";

"if the number of connectionless datagrams already queued to the port from the
host exceeds a prescribed threshold discarding the datagram, if the number of
connectionless datagrams already queued to the port from the host exceeds the prescribed
threshold" is taught in '378 col. 4, lines 54-58 "There is a limit on the number of concurrent 
TCP connections that can be in a half-open connection state, called the SYN-RECVD state (i.e., 
SYN received). When the maximum number of half-open connections per port is reached, TCP
discards all new incoming connections requests"; 

"and queuing the connectionless datagram to a queue slot of the port, if the number 
of connectionless datagrams already queued to the port from the host does not exceed the
prescribed threshold" is taught in '378 col. 4, lines 59-67 "until it has either cleared or 
completed some of the half-open connections". 

As to independent claim 3, this claim is directed to the apparatus of the method of claim
1 and is similarly rejected along the same rationale.

As to independent claim 5, this claim is directed to a storage media containing program 
code of the method of claim 1 and is similarly rejected along the same rationale. 

As to independent claim 7, this claim is directed to a carrier wave containing program 
code of the method of claim 1 and is similarly rejected along the same rationale. 

As to dependent claim 14, "wherein the computer is the network server" is taught in
'378 col. 4, line 52 through col. 5, line 17.

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

6. Claims 2, 4, 6, and 8-13, are rejected under 35 U.S.C. 103(a) as being unpatentable over
'378 in further view of Yavatkar et al. U.S. Patent No. 6,735,702 (hereinafter '702). 

As to dependent claim 2, the following is not taught in '378 "wherein the determining 
if the number of datagrams already queued to the port from the host exceeds a prescribed 
threshold further comprises: calculating the prescribed threshold by multiplying a 
percentage by the number of available queue slots for the port" however '702 teaches "A 
watchdog agent may assume a network attack exist if network congestion is detected ... In an 
alternate embodiment a watchdog agent detects network congestion by monitoring interface 
discard counts and average queue lengths for each port on the node" in col. 15, line 63 through 
col. 16, line 17. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the teachings of '378 a method to protect a network from denial of service attacks to 
include a means to calculate the threshold limit per port. One of ordinary skill in the art would 
have been motivated to perform such a modification in order to gain information needed to 
diagnose a network attack (see '702 col. 2 lines 44 et seq.) "Therefore there exists a need for a 
system and method allowing for the distributed state of a network such as information about 
attack traffic, to be quickly and accurately collected. A system and method are needed for 
quickly and accurately diagnosing network attacks by determining information such as the 
source of, or a partial path of, attack traffic". 

As to dependent claim 4, this claim incorporates substantially similar subject matter as
cited in claim 2 above and is rejected along the same rationale.

As to dependent claim 6, this claim incorporates substantially similar subject matter as
cited in claim 2 above and is rejected along the same rationale.

As to dependent claim 8, this claim incorporates substantially similar subject matter as
cited in claim 2 above and is rejected along the same rationale.

As to dependent claim 9, "further comprising: configuring a maximum number of 
connectionless datagrams allowed to be queued at the port" is taught in '702 col. 12, lines
27-39 "In step 440, proactive environment 100 instantiates service object 300 based on the class
of service 102. Proactive environment 100 configures service object 300 per the permissioning
accessed in step 434. For example, one set of permissioning may allow agent 110 to use service
object 300 to read the operating characteristics of port 21 and alter settings for the port".

As to dependent claim 10, "wherein the configuring step further includes 
configuring a controlling percentage of available queue slots remaining for the port; and 
wherein the proscribed threshold is based on the controlling percentage of available queue 
slots remaining for the port" is shown in '702 col. 12, lines 27-39. 

As to dependent claim 11, "wherein the port comprises a plurality of queue slots the 
method further comprising: maintaining a number of available queue slots of the plurality 
of queue slots for the port" is disclosed in '702 col. 12, lines 27-39.

As to dependent claim 12, this claim incorporates substantially similar subject matter as
cited in claim 9 above and is rejected along the same rationale.

As to dependent claim 13, this claim incorporates substantially similar subject matter as
cited in claim 10 above and is rejected along the same rationale.

Conclusion



14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ellen C Tran whose telephone number is 
(571) 272-3842. The examiner can normally be reached from 6:00 am to 2:30 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Jacques H. Louis-Jacques can be reached on (571) 272-6962. The fax phone number for the 
organization where this application or proceeding is assigned is (571) 273-8300. 
Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be 
obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Ellen Tran

Patent Examiner 
Technology Center 2134 
25 April 2006 




